secator 0.16.4__tar.gz → 0.16.5__tar.gz

{secator-0.16.4 → secator-0.16.5}/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## [0.16.5](https://github.com/freelabz/secator/compare/v0.16.4...v0.16.5) (2025-06-25)
+
+
+### Bug Fixes
+
+* **celery:** pass mongodb uuids when enabled ([#701](https://github.com/freelabz/secator/issues/701)) ([64b43e8](https://github.com/freelabz/secator/commit/64b43e88659c963a0c526829a2f72ee75348edef))
+* **ci:** add apt update in ci ([261d1e8](https://github.com/freelabz/secator/commit/261d1e8bdbca06e85adf3df7a9489bff7ba445ab))
+* prod optimizations (GCS ValueError, dynamic profile for fuzzers with big wordlists) ([#707](https://github.com/freelabz/secator/issues/707)) ([bcd6024](https://github.com/freelabz/secator/commit/bcd6024d91362ca141b71a49c4f80c759e1801ca))
+
 ## [0.16.4](https://github.com/freelabz/secator/compare/v0.16.3...v0.16.4) (2025-06-13)
 
 

{secator-0.16.4 → secator-0.16.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: secator
-Version: 0.16.4
+Version: 0.16.5
 Summary: The pentester's swiss knife.
 Project-URL: Homepage, https://github.com/freelabz/secator
 Project-URL: Issues, https://github.com/freelabz/secator/issues

{secator-0.16.4 → secator-0.16.5}/cloudbuild.yaml

@@ -3,11 +3,13 @@ steps:
   entrypoint: 'bash'
   args: ['-c', 'docker pull ${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/secator:${_VERSION} || exit 0']
 - name: 'gcr.io/cloud-builders/docker'
-  args: ['build', '-t', '${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/secator:${_VERSION}', '--cache-from', '${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/secator:${_VERSION}', '.']
+  args: ['build', '-t', '${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/secator:${_VERSION}', '--build-arg', 'flavor=${_FLAVOR}', '--cache-from', '${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/secator:${_VERSION}', '.']
+
 substitutions:
   _REPOSITORY: secator
   _LOCATION: europe-west1
-  _VERSION: latest
+  _VERSION: dev
+  _FLAVOR: full
 
 images:
 - '${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/secator:${_VERSION}'

{secator-0.16.4 → secator-0.16.5}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = 'hatchling.build'
 
 [project]
 name = 'secator'
-version = "0.16.4"
+version = "0.16.5"
 authors = [{ name = 'FreeLabz', email = 'sales@freelabz.com' }]
 readme = 'README.md'
 description = "The pentester's swiss knife."

{secator-0.16.4 → secator-0.16.5}/secator/celery.py

@@ -240,7 +240,8 @@ def forward_results(results):
 		console.print(Info(message=f'Deduplicating {len(results)} results'))
 
 	results = flatten(results)
-	if CONFIG.addons.mongodb.enabled:
+	if IN_CELERY_WORKER_PROCESS and CONFIG.addons.mongodb.enabled:
+		console.print(Info(message=f'Extracting uuids from {len(results)} results'))
 		uuids = [r._uuid for r in results if hasattr(r, '_uuid')]
 		uuids.extend([r for r in results if isinstance(r, str)])
 		results = list(set(uuids))
@@ -271,12 +272,14 @@ def mark_runner_started(results, runner, enable_hooks=True):
 	if results:
 		results = forward_results(results)
 	runner.enable_hooks = enable_hooks
-	if CONFIG.addons.mongodb.enabled:
+	if IN_CELERY_WORKER_PROCESS and CONFIG.addons.mongodb.enabled:
 		from secator.hooks.mongodb import get_results
 		results = get_results(results)
 	for item in results:
 		runner.add_result(item, print=False)
 	runner.mark_started()
+	if IN_CELERY_WORKER_PROCESS and CONFIG.addons.mongodb.enabled:
+		return [r._uuid for r in runner.results]
 	return runner.results
 
 
@@ -297,12 +300,14 @@ def mark_runner_completed(results, runner, enable_hooks=True):
 	debug(f'Runner {runner.unique_name} has finished, running mark_completed', sub='celery')
 	results = forward_results(results)
 	runner.enable_hooks = enable_hooks
-	if CONFIG.addons.mongodb.enabled:
+	if IN_CELERY_WORKER_PROCESS and CONFIG.addons.mongodb.enabled:
 		from secator.hooks.mongodb import get_results
 		results = get_results(results)
 	for item in results:
 		runner.add_result(item, print=False)
 	runner.mark_completed()
+	if IN_CELERY_WORKER_PROCESS and CONFIG.addons.mongodb.enabled:
+		return [r._uuid for r in runner.results]
 	return runner.results
 
 

{secator-0.16.4 → secator-0.16.5}/secator/hooks/gcs.py

@@ -42,10 +42,12 @@ def upload_blob(bucket_name, source_file_name, destination_blob_name):
 	storage_client = storage.Client()
 	bucket = storage_client.bucket(bucket_name)
 	blob = bucket.blob(destination_blob_name)
-	blob.upload_from_filename(source_file_name)
+	with open(source_file_name, 'rb') as f:
+		f.seek(0)
+		blob.upload_from_file(f)
 	end_time = time()
 	elapsed = end_time - start_time
-	debug(f'in {elapsed:.4f}s', obj={'blob': 'CREATED', 'blob_name': destination_blob_name, 'bucket': bucket_name}, obj_after=False, sub='hooks.gcs', verbose=True)  # noqa: E501
+	debug(f'in {elapsed:.4f}s', obj={'blob': 'UPLOADED', 'blob_name': destination_blob_name, 'bucket': bucket_name}, obj_after=False, sub='hooks.gcs', verbose=True)  # noqa: E501
 
 
 HOOKS = {

{secator-0.16.4 → secator-0.16.5}/secator/hooks/mongodb.py

@@ -30,7 +30,8 @@ def get_mongodb_client():
 		_mongodb_client = pymongo.MongoClient(
 			escape_mongodb_url(MONGODB_URL),
 			maxPoolSize=MONGODB_MAX_POOL_SIZE,
-			serverSelectionTimeoutMS=MONGODB_CONNECT_TIMEOUT
+			serverSelectionTimeoutMS=MONGODB_CONNECT_TIMEOUT,
+			connect=False
 		)
 	return _mongodb_client
 
@@ -157,19 +158,23 @@ def load_findings(objs):
 
 
 @shared_task
-def tag_duplicates(ws_id: str = None):
+def tag_duplicates(ws_id: str = None, full_scan: bool = False):
 	"""Tag duplicates in workspace.
 
 	Args:
 		ws_id (str): Workspace id.
+		full_scan (bool): If True, scan all findings, otherwise only untagged findings.
 	"""
 	debug(f'running duplicate check on workspace {ws_id}', sub='hooks.mongodb')
 	client = get_mongodb_client()
 	db = client.main
 	workspace_query = list(
 		db.findings.find({'_context.workspace_id': str(ws_id), '_tagged': True}).sort('_timestamp', -1))
+	untagged_query = {'_context.workspace_id': str(ws_id)}
+	if not full_scan:
+		untagged_query['_tagged'] = {'$ne': True}
 	untagged_query = list(
-		db.findings.find({'_context.workspace_id': str(ws_id), '_tagged': {'$ne': True}}).sort('_timestamp', -1))
+		db.findings.find(untagged_query).sort('_timestamp', -1))
 	if not untagged_query:
 		debug('no untagged findings. Skipping.', id=ws_id, sub='hooks.mongodb')
 		return

{secator-0.16.4 → secator-0.16.5}/secator/tasks/_categories.py

@@ -96,6 +96,20 @@ class HttpFuzzer(Command):
 	meta_opts = {k: OPTS[k] for k in OPTS_HTTP_FUZZERS}
 	input_types = [URL]
 	output_types = [Url]
+	profile = lambda opts: HttpFuzzer.dynamic_profile(opts)  # noqa: E731
+
+	@staticmethod
+	def dynamic_profile(opts):
+		wordlist = HttpFuzzer._get_opt_value(
+			opts,
+			'wordlist',
+			opts_conf=dict(HttpFuzzer.opts, **HttpFuzzer.meta_opts),
+			opt_aliases=opts.get('aliases', []),
+			preprocess=True,
+			process=True,
+		)
+		wordlist_size_mb = os.path.getsize(wordlist) / (1024 * 1024)
+		return 'cpu' if wordlist_size_mb > 5 else 'io'
 
 
 #----------------#